Voice VLAN – Auxiliary VLAN

The terms Voice VLAN or Auxiliary VLAN typically mean the same thing: They are a feature which allows an access port — which normally only accepts untagged traffic for a single VLAN — to also accept tagged traffic for a second VLAN.

But that is merely the “what”, and if you were simply looking for a definition, then the above is all you need voice jobs.

However, in order to really understand the concept, we have to look at the “why”, and also a bit of the history which brought about the Auxiliary VLAN. Doing so will reveal the use cases for the Voice VLAN or Auxiliary VLAN, as well as a particular use case for the Native VLAN.

Before we get into the details, it is important to have a solid understanding of VLANs. Namely the purpose of VLANs, Access Ports, Trunk Ports, the Native VLAN, the configuration of VLANs, and the concept of a Converged Network. If these concepts are not familiar to you, start by reading the articles and videos which explain them.

Also, the terms themselves are generally interchangeable. Voice VLAN is more often used in the Cisco context because of the command used to configure it, while Auxiliary VLAN is typically the name of the feature itself.

Voice VLAN Functionality

Imagine office cubicles. Imagine each cubicle contains a desk and a computer which an employee uses to connect to your corporate network.

Voice VLAN – Auxiliary VLAN – Office Cubicles

When this office floor was being built, network cables were ran through the walls and ceilings from each position on the cubicle floor to the network closet where the access switch for the corporate network exists.

These cable runs are sometimes called “LAN drops” – a place an employee can connect locally (from their cubicle) into the corporate network switch (behind lock and key in the network cabinet).

You end up with a topology that looks something like this (image not drawn to scale):

Voice VLAN – Auxiliary VLAN – Desks before VOIP Phones

Traditionally, there was one LAN drop for each cubicle.

This was sufficient when employees only had one PC or Laptop to connect to the network. They would simply plug in locally at the cubicle, and the wall jack would lead back to the corporate network switch.

The switchport would be configured as an access port in the VLAN associated with that employee’s role. The PC sends untagged data traffic, and the switch associates that traffic with the Data VLAN. On a Cisco switch, the configuration would resemble something like the following:

Switch(config)# vlan 22

Switch(config-vlan)# name DATA

Switch(config)# interface ethernet0/0

Switch(config-if)# switchport mode access

Switch(config-if)# switchport access vlan 22

It is worth highlighting that (typically) PCs always send untagged traffic – this point will be important shortly.

As time went on, phones which could carry Voice traffic over the IP network (VOIP phones) started being developed. Which leaves us with a problem — if a VOIP phone is added to each desk, where could you plug it in to get access to the corporate network? There is only one available wall jack and it is already in use by the PC.